Posts posted by InfectedHelppls
-
-
Hi Kevin, I completed the scan and it has finished.
I think the issue of boot hanging may be due to my motherboard being a dual boot BIOS? Before I had issues I would see my normal boot loader. Since having issues and it hanging I now see a much older boot loader. Is there a way to change it?
My MOBO: Gigabyte Z87X-UD3H-CF
Thanks Kevin.
-
Nope, it just stays and maintains the same screen. So I restart my PC and usually it boots okay. Sometimes booting back to hang. I also often get disk checks when I turn on my PC, but they never seem to solve the issue.
-
-
-
Hi Kevin, I didn't notice any issues before this really. Just that I was having high CPU usage all the time.
I do however have an issue when I boot, half the time I get stuck in the boot loader, it won't complete a boot cycle, but will hang there until I restart. Then it usually works. When boot is complete windows starts a system disk check? I've not been able to boot as usual for a while now and I'm not sure what the issue is.
-
-
Hi I completed the FRST SearchReg.txt
-
Did I do the KVRT scan log bit correctly?
In terms of the actual scan there were no objects detected. Fixlog.txt
Thank you so much for your help so far!
-
23 items detected, 22 quarantined.
-
Hi, I ran a malwarebytes threat scan yesterday and everything was clean.
Ran a Windows Defender scan and three trojans showed up; I removed them but when I completed another scan it showed up as threats being there. But I was unable to clear them for some reason. It won't show me the logs from Windows Defender so I cannot attach them. Addition.txt FRST.txt
My Malwarebytes is running but it's taken 2 hours so I'll update the logs when I get them. But it is currently saying 18 detections.
-
-
Hi, I found no threats. Do you think this is an issue with my audio drivers? I'm still getting peaking at 75% CPU usage. What's some good clean up advice? Thanks.
-
Hi I was hoping you could help,
Reinstalled Focusrite audio drivers recently as I was having strange audio issues connected with the CPU/health of my PC. A video/all my audio would suddenly disconnect and I wouldn't be able to hear them, then nothing would load on my PC, but YouTube would look "loading", as if the page still worked. So I reinstalled them.
I have also had a boot issue: when I turn my PC on it hangs on the "Gigabyte -----" screen until I force restart it, then it will load up to Win 7 loading.
Now I've been having the problem of my CPU spiking up to 75% for prolonged periods of time; 5 minutes.
Am I infected? How can I fix this? Thanks.
Threat scan + FRST logs below.
Addition_23-04-2020 23.03.35.txt FRST_23-04-2020 23.03.35.txt Mthreatscan.txt
-
I've been having blocked inbound and outbound connections from Deluge and Google Chrome recently, saying it's a trojan or other malicious websites/connections. I will post a few logs so you know.
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 12/18/19
Protection Event Time: 6:58 PM
Log File: 7151fc92-21c8-11ea-a0a8-00ff00fe27da.json
-Software Information-
Version: 4.0.4.49
Components Version: 1.0.781
Update Package Version: 1.0.16390
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Deluge\deluge.exe, Blocked, -1, -1, 0.0.0
-Website Data-
Category: Trojan
Domain:
IP Address: 190.90.239.42
Port: 65327
Type: Inbound
File: C:\Program Files (x86)\Deluge\deluge.exe
(end)
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 12/18/19
Protection Event Time: 5:57 PM
Log File: e3f87e1e-21bf-11ea-9cd8-00ff00fe27da.json
-Software Information-
Version: 4.0.4.49
Components Version: 1.0.781
Update Package Version: 1.0.16388
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Deluge\deluge.exe, Blocked, -1, -1, 0.0.0
-Website Data-
Category: Trojan
Domain:
IP Address: 185.244.39.107
Port: 65327
Type: Inbound
File: C:\Program Files (x86)\Deluge\deluge.exe
(end)
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 12/18/19
Protection Event Time: 5:18 PM
Log File: 647d1582-21ba-11ea-a06b-00ff00fe27da.json
-Software Information-
Version: 4.0.4.49
Components Version: 1.0.781
Update Package Version: 1.0.16384
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Deluge\deluge.exe, Blocked, -1, -1, 0.0.0
-Website Data-
Category: Malware
Domain:
IP Address: 149.202.122.27
Port: 65327
Type: Outbound
File: C:\Program Files (x86)\Deluge\deluge.exe
(end)
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 12/18/19
Protection Event Time: 5:09 PM
Log File: 1a8a9536-21b9-11ea-b50d-00ff00fe27da.json
-Software Information-
Version: 4.0.4.49
Components Version: 1.0.781
Update Package Version: 1.0.16384
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Deluge\deluge.exe, Blocked, -1, -1, 0.0.0
-Website Data-
Category: Fraud
Domain: trun.tom.ru
IP Address: 153.92.6.87
Port: 50194
Type: Outbound
File: C:\Program Files (x86)\Deluge\deluge.exe
(end)
I have also run a FRST scan via this link:
https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/
Thanks.
-
I own malwarebytes premium, I keep getting blocked outgoing connections from google chrome.
I just completed a full malwarebytes scan with Rootkits and Scan within Archives that are both turned on. Here are the logs.
I have also just completed a scan of Adwcleaner, find attached, cleaned and scanned and restarted my computer.
-
Will do. Thanks for the help Kevin. Everything seems fine now. No more pop-ups. Thanks for your service!
-
Just now, kevinf80 said:
Is Malwarebytes not starting up at boot...?
It has that error message. I press OK then it's in my taskbar icons. So I suppose it's okay. Just seemed a little odd. It has been like that for a while.
-
-
Zemana report:
Zemana AntiMalware 2.72.2.388 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/4/5
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
BIOS Mode : Legacy
CUID : 12DEDB5569ED3E7BAD9537
Scan Type : System Scan
Duration : 1m 38s
Scanned Objects : 103318
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
ufh.exe
Status : Scanned
Object : %programfiles%\unknown file handler\ufh.exe
MD5 : 3C94A847629F30A1E215624F59D2918D
Publisher : FTA APS
Size : 134656
Version : -
Detection : Win32/Adware.FileTypeAssistant!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\unknown file handler\ufh.exe
Registry Entry - HKLM\SOFTWARE\Classes\Unknown\shell\opendlg\command\@ = "C:\Program Files (x86)\Unknown File Handler\ufh.exe" "%1"
Registry Entry - HKLM\SOFTWARE\Classes\Unknown\shell\openas\command\@ = "C:\Program Files (x86)\Unknown File Handler\ufh.exe" "%1"
Registry Entry - HKLM\Software\Classes\*\shell\ ufh\command\@ = "C:\Program Files (x86)\Unknown File Handler\ufh.exe" /showinfo "%1"
Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0
Also I get this when I boot up.
-
Done JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Harry (Administrator) on 05/04/2017 at 20:40:30.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 8
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UW2R696 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EA5SU2PN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDKH0QCN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9W1SRZI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UW2R696 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EA5SU2PN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDKH0QCN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9W1SRZI (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/04/2017 at 20:42:49.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Done ADWcleaner:
# AdwCleaner v6.045 - Logfile created 05/04/2017 at 20:33:39
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-04.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Harry - HARRY-PC
# Running from : C:\Users\Harry\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmmlgikpahieigpcclckfmhnchdlfnjd
[-] Folder deleted: C:\_acestream_cache_
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[-] Folder deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh
[-] Folder deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoiidodopnnhiflaflbfeblnojefhigh
***** [ Files ] *****
[-] File deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aoiidodopnnhiflaflbfeblnojefhigh_0.localstorage
[-] File deleted: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aoiidodopnnhiflaflbfeblnojefhigh_0.localstorage-journal
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKU\S-1-5-21-3330130749-1166515165-1541732843-1001\Software\Classes\acestream
[#] Key deleted on reboot: HKCU\Software\Classes\acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\acestream
[-] Key deleted: HKU\S-1-5-21-3330130749-1166515165-1541732843-1001\Software\cain
[#] Key deleted on reboot: HKCU\Software\cain
[#] Key deleted on reboot: [x64] HKCU\Software\cain
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\EpicScale
***** [ Web browsers ] *****
[-] [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aoiidodopnnhiflaflbfeblnojefhigh
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2210 Bytes] - [05/04/2017 20:33:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2377 Bytes] - [05/04/2017 20:32:37]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2356 Bytes] ##########
-
Hey Kevin, thanks for the swift reply. Hopefully we can get this done tonight! :]
-
Hi,
I currently own Malwarebytes Premium. Opened a website a few days ago with a persistent pop-up, accidentally clicked the wrong button. Heard my hard drive whirling up, so I instantly turned off my PC. Done a full Malware threat scan, but since then every so often I get a "Website outbound blocked" from Malwarebytes, often to gibberish websites or "crackedmine.com". I have a few screenshots.
Would like to do a full scan. I have three hard drives too, and I don't know if they are infected either.
Would greatly appreciate if we could do a full system scan for anything else too. Thank you very much.
Trojan detected
in Resolved Malware Removal Logs
Posted
It has made a difference! I boot up like normal! woohoo! thanks Kevin!